Cybersecurity: The Challenge of Digital Dependence
The coronavirus pandemic has forced widespread attention to safety and best practices for protecting ourselves from this invisible enemy. Hand washing became a national conversation in March, stay-at-home orders limited the number of physical interactions that boost contagion, and ultimately a vaccine will be the tool that inoculates us against this specific virus. Along with hygiene and distancing, we’ve massively accelerated the rate and extent of time spent in the virtual world. We rely on virtual networks not only to track the vaccine but also to conduct regular business, shop for daily and occasional purchases, and deliver an endless array of entertainment options.
The stock market has benefitted from this shift to remote work and digital dependence. Many companies and consumers were able to continue their normal operations and spending, in some cases seeing demand for their digital services expand significantly (see: Zoom, DocuSign, and Netflix). This is not meant to minimize the significant toll the virus has had on human life and health, but to explain how markets can be hitting all-time highs in the midst of a deadly pandemic that has disrupted and slowed our economy.
This technology trend in recent decades expanded a new frontier of risk for companies and individuals alike: cybersecurity. Similar to the coronavirus itself, we refer to this invasive computer code that can steal information, money, and personal data as a virus.
SolarWinds of Risk
This week revealed details of a widespread cyberattack that reached into US government agencies and private companies, including Microsoft and many others. The source was a little-known software company called SolarWinds that until this week was a recognizable name only to computer network administrators. Security investigators say the company which boasts more than 400 of the Fortune 500 corporations and many government agencies as clients provided the perfect delivery mechanism.1 This intrusion was quietly underway for months, while our US security agencies were heavily focused on election security.
You can read more about this specific attack here, but the point is that this risk is only growing in scope. In 2017, a breach at Equifax exposed the personal data of 145 million people, including Social Security numbers. By 2019, there were 1,473 reported breaches, up 17 percent from the prior year.2 Ransomware targets began to include hospitals and schools that were forced to pay in order to regain access to their networks. Large companies also face hefty price tags to clean up the damage from a security breach. In 2017, a Russian linked hack called NotPetya ended up costing FedEx $400m and Merck & Co more than $670m.3
Even though this risk is expanding, companies are still growing and participating in the marketplace. FedEx just reported record third-quarter earnings. Average daily package volume for FedEx Ground, which runs e-commerce deliveries, climbed 29% for the quarter as the company helped deliver millions of holiday gifts, e-commerce packages, and recently began to ship the Pfizer-BioNTech vaccine. These demand tailwinds should extend into 2021.
Be Careful; Keep Going
For individual investors, staying safe means understanding new risks as they develop, but it also means staying invested in the marketplace. FedEx modified their cyber protection as a result of the breach but did not shut down its operations after the cyberattack. Their stock price initially declined in response, but over time they were rewarded as consumer demand, shipments, and profits all increased. Historically, investors who are able to weather market downturns, like the one we saw this March, are also likely to be rewarded with higher portfolio values over time.
Similar to real viruses, invasive computer code is invisible and continually evolving, and what’s needed to protect against attacks also changes over time. Our world is more digitally connected than ever before and is likely to grow more and more complex. Happily, this will also provide better and easier ways to remain connected with our clients, accomplish our work, and connect us with our communities.
This is a good moment to remind ourselves to remain vigilant and stay attentive to the risks of identity theft and cybercrime. Two good resources with tips for staying safe can be found from Consumer Reports and CISA (the government agency in charge of cybersecurity).
 Suspected Russian Cyberattack Began With Ubiquitous Software Company. By Robert McMillan. Dec. 15, 2020. Wall Street Journal
 Facts + Statistics: Identity theft and cybercrime. Insurance Information Institute
 Hack Suggests New Scope, Sophistication for Cyberattacks. By Dustin Volz and Robert McMillan. Dec. 17, 2020. Wal Street Journal